Abstract for the course

Information-Flow Control (IFC) emerges as a promising technology to harden
programs against information leakage and corruption. To avoid such problems, IFC
restricts programmers from writing code which irresponsibly distribute
(modifies) sensitive data. Special purpose IFC-languages have been developed
over the years but the impact in practice has been rather limited. Rather than
producing new languages from scratch, IFC can be also guaranteed via
libraries. As long as developers follow the libraries' APIs, it is guarantee
that their code will not reveal sensitive information. We believe that this
approach makes IFC technology more likely to be adopted. The course introduces
security problems regarding protecting sensitive data, the foundations for IFC,
and the principles behind many IFC libraries. The material presented in the
course is based on recent research results.

Prerequisites

The only prerequisite for students is to have basic functional programming
skills. The rest of the course is self-contained.

Acknowledgments

The development of this course is partly supported the Swedish research agency VR.